ambari-issues mailing list archives

From "Robert Levas (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (AMBARI-15645) Upgrading Kerberized JournalNode requires HDFS principal to perform 'role edits' task
Date Thu, 31 Mar 2016 15:31:25 GMT

     [ https://issues.apache.org/jira/browse/AMBARI-15645?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robert Levas updated AMBARI-15645:
----------------------------------
    Status: Patch Available  (was: In Progress)

> Upgrading Kerberized JournalNode requires HDFS principal to perform 'role edits' task
> -------------------------------------------------------------------------------------
>
>                 Key: AMBARI-15645
>                 URL: https://issues.apache.org/jira/browse/AMBARI-15645
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.1.2
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>             Fix For: 2.2.2
>
>         Attachments: AMBARI-15645_trunk_01.patch
>
>
> After upgrading HDP in Ambari version 2.1.2.1, a task is performed to _roll edits_ while restarting JournalNodes. If Kerberos is enabled, the JN Kerberos identity is established before making this call when really the HDFS identity should be established - since this is an administrative HDFS call that requires the HDFS administrator user to perform.
> Because of this, the following error is generated and seen in the :
> {noformat}
> Fail: Execution of 'hdfs dfsadmin -rollEdits' returned 255. rollEdits: Access denied for user jn. Superuser privilege is required
> {noformat}
> The offending code is
> {code:title=common-services/HDFS/2.1.0.2.0/package/scripts/journalnode_upgrade.py}
>   if params.security_enabled:
>     Execute(params.jn_kinit_cmd, user=params.hdfs_user)
>   time.sleep(5)
>   hdfs_roll_edits()
>   time.sleep(5)
> {code}
> It should probably be something like:
> {code:title=common-services/HDFS/2.1.0.2.0/package/scripts/journalnode_upgrade.py}
>   if params.security_enabled:
>     Execute(params.hdfs_kinit_cmd, user=params.hdfs_user)
>   time.sleep(5)
>   hdfs_roll_edits()
>   time.sleep(5)
> {code}
> *Note the change from jn to hdfs in the kinit command line.*
> This issue has also been posted in https://issues.apache.org/jira/browse/AMBARI-10519.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
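
Added example, not part of the original message and not Ambari code: a preflight check that reads the principal held in the ticket cache and refuses to proceed with `hdfs dfsadmin -rollEdits` unless it maps to the HDFS superuser, which turns the failure described above into an explicit identity mismatch. The `klist` text, principals and realm are constructed, the function names are hypothetical, and the short-name mapping assumes no custom `auth_to_local` rules.

```python
import re

# Constructed `klist` output in the MIT Kerberos layout; principals and realm are made up.
KLIST_JN = """\
Ticket cache: FILE:/tmp/krb5cc_1001
Default principal: jn/host1.example.com@EXAMPLE.COM

Valid starting       Expires              Service principal
03/31/2016 15:00:00  04/01/2016 01:00:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM
"""
KLIST_HDFS = KLIST_JN.replace("jn/host1.example.com", "hdfs")

_PRINCIPAL = re.compile(r"^Default principal:\s*(\S+)\s*$", re.MULTILINE)


def cached_principal(klist_output):
    """Return the principal that owns the ticket cache, or None if no ticket is listed."""
    match = _PRINCIPAL.search(klist_output)
    return match.group(1) if match else None


def short_name(principal):
    """Map primary[/instance]@REALM to its primary component.

    Assumption: default mapping only; a cluster with custom auth_to_local
    rules needs those rules applied here instead.
    """
    primary_and_instance = principal.split("@", 1)[0]
    return primary_and_instance.split("/", 1)[0]


def check_identity(klist_output, required_user="hdfs"):
    """Return (ok, reason) for running a superuser-only command such as -rollEdits."""
    principal = cached_principal(klist_output)
    if principal is None:
        return (False, "no Kerberos ticket in cache; kinit has not run")
    user = short_name(principal)
    if user != required_user:
        return (False, "ticket is for %r (%s); -rollEdits needs %r"
                % (user, principal, required_user))
    return (True, "ticket for %s maps to %r" % (principal, required_user))


if __name__ == "__main__":
    for label, text in (("after jn kinit", KLIST_JN), ("after hdfs kinit", KLIST_HDFS)):
        print(label, "->", check_identity(text))
```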
